Hello,
I have been using MS ATA is find systems & apps making clear text LDAP connections to our domain controllers and have reconfigured them to use SLDAP / port 636. I have the clear text connections down to zero, but the count for the "performed without signing" is showing several thousand. (This is from the event 2887 in the Directory Service log.) I want to set the GPO mentioned in this article: https://support.microsoft.com/en-us/help/935834/how-to-enable-ldap-signing-in-windows-server-2008
My question is could I break anything? No one is using clear text anymore but there are a ton of non-signed connections. Can I block one and not the other? Thanks!
Number of simple binds performed without SSL/TLS: 0
Number of Negotiate/Kerberos/NTLM/Digest binds performed without signing: 3267
